Skip to content

Commit

Permalink
Removes auto-updater from workstation
Browse files Browse the repository at this point in the history
Resolves #412
  • Loading branch information
kushaldas authored and eloquence committed Jan 24, 2020
1 parent 73dfb8c commit 25cbedd
Show file tree
Hide file tree
Showing 7 changed files with 9 additions and 82 deletions.
3 changes: 3 additions & 0 deletions MANIFEST.in
Original file line number Diff line number Diff line change
@@ -1,10 +1,13 @@
include dom0/*.sls
include dom0/*.top
<<<<<<< HEAD
include dom0/*.j2
include dom0/securedrop-update
include dom0/securedrop-login
include dom0/securedrop-launcher.desktop
include dom0/securedrop-handle-upgrade
=======
>>>>>>> Remove legacy updater code & references to it; correctly remove symlink
include config.json.example
include README.md
include LICENSE
Expand Down
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -199,7 +199,7 @@ Be aware that running tests *will* power down running SecureDrop VMs, and may re

### Automatic updates

The `securedrop-update` script will automatically update packages in all TemplateVMs, as well as `dom0`, as part of a daily cron job. This script will also run the salt provisioning logic to ensure the state is consistent. Because AppVMs must be rebooted after a TemplateVM upgrade, a message will inform users to reboot their workstations to apply changes.
Double-clicking the "SecureDrop" desktop icon will launch a preflight updater that applies any necessary updates to VMs, and may prompt a reboot.

To update workstation provisioning logic, one must use the `sd-dev` AppVM that was created during the install. From your checkout directory, run the following commands (replace `<tag>` with the tag of the release you are working with):

Expand Down
2 changes: 0 additions & 2 deletions dom0/sd-clean-all.sls
Original file line number Diff line number Diff line change
Expand Up @@ -12,9 +12,7 @@ remove-dom0-sdw-config-files:
- names:
- /opt/securedrop
- /etc/yum.repos.d/securedrop-workstation-dom0.repo
- /usr/bin/securedrop-update
- /etc/pki/rpm-gpg/RPM-GPG-KEY-securedrop-workstation-test
- /etc/cron.daily/securedrop-update-cron
- /usr/share/securedrop/icons
- /home/{{ gui_user }}/.config/autostart/SDWLogin.desktop
- /usr/bin/securedrop-login
Expand Down
14 changes: 5 additions & 9 deletions dom0/sd-dom0-files.sls
Original file line number Diff line number Diff line change
Expand Up @@ -64,20 +64,16 @@ dom0-install-securedrop-workstation-template:
- file: dom0-workstation-rpm-repo
- pkg: dom0-remove-securedrop-workstation-stretch-template

# Copy script to system location so admins can run ad-hoc
# Remove the legacy auto updater script
dom0-update-securedrop-script:
file.managed:
file.absent:
- name: /usr/bin/securedrop-update
- source: salt://securedrop-update
- user: root
- group: root
- mode: 755

# Symlink update script into cron, for single point of update

# Remove symlink to legacy updater
dom0-update-securedrop-script-cron:
file.symlink:
file.absent:
- name: /etc/cron.daily/securedrop-update-cron
- target: /usr/bin/securedrop-update

# Create directory for storing SecureDrop-specific icons
dom0-securedrop-icons-directory:
Expand Down
66 changes: 0 additions & 66 deletions dom0/securedrop-update

This file was deleted.

3 changes: 0 additions & 3 deletions rpm-build/SPECS/securedrop-workstation-dom0-config.spec
Original file line number Diff line number Diff line change
Expand Up @@ -45,12 +45,10 @@ install -m 755 -d %{buildroot}/usr/share/%{name}/scripts
install -m 644 dom0/*.sls %{buildroot}/srv/salt/
install -m 644 dom0/*.top %{buildroot}/srv/salt/
install -m 644 dom0/*.j2 %{buildroot}/srv/salt/
install -m 644 dom0/securedrop-update %{buildroot}/srv/salt/
install -m 644 dom0/securedrop-login %{buildroot}/srv/salt/
install -m 644 dom0/securedrop-launcher.desktop %{buildroot}/srv/salt/
install -m 655 dom0/securedrop-handle-upgrade %{buildroot}/srv/salt/
# The next file should get installed via RPM not via salt
install -m 755 dom0/securedrop-update %{buildroot}/srv/salt/securedrop-update
install -m 644 sd-app/* %{buildroot}/srv/salt/sd/sd-app/
install -m 644 sd-proxy/* %{buildroot}/srv/salt/sd/sd-proxy/
install -m 644 sd-whonix/* %{buildroot}/srv/salt/sd/sd-whonix/
Expand All @@ -64,7 +62,6 @@ install -m 644 launcher/sdw_updater_gui/*.py %{buildroot}/opt/securedrop/launche
%doc README.md LICENSE
%{python3_sitelib}/securedrop_workstation_dom0_config*
%{_datadir}/%{name}
%{_bindir}/securedrop-update
/srv/salt/sd*
/srv/salt/dom0-xfce-desktop-file.j2
/srv/salt/securedrop-*
Expand Down
1 change: 0 additions & 1 deletion setup.py
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,6 @@
url="https://github.com/freedomofpress/securdrop-workstation",
data_files=[
("share/securedrop-workstation-dom0-config", ["config.json.example"]),
("bin/", ["dom0/securedrop-update"]),
],
classifiers=(
"Development Status :: 3 - Alpha",
Expand Down

0 comments on commit 25cbedd

Please sign in to comment.